[Ilugc] Safe execution of binary programs
sridharinfinity at gmail.com
Sun Jul 25 17:28:17 IST 2004
Sivasankar Chander <siva at dias.ath.cx> wrote:
> > Is there any way to execute programs (compiled from untrusted C/C++
> > source file) in safe way ?
> > * The program may use 'signal' system call to kill all other user
> > processes. This shoudn't be allowed
> > * The program shoudn't be allowed to use n/w
> > * Resources should be limited ('ulimit' comes here)
> > * .. anything I missed.
> Execute it in a chroot jail as an unprivileged (non-root) user. Better
> still, run it in a virtual machine like plex86/vmware with a minimal
Running it in VM is not appropriate and possible for my application.
But how could running chroot jail prevent calling system calls like
signal (by which the program can easily kill processes).
PS: Actually I am trying to write a (python) program that will execute
Sridhar - http://www.cs.annauniv.edu/~rsridhar
More information about the ilugc